Dubious Developers Cash In On Candy Crush

Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to include this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.

As expected, shady developers are now taking advantage of Candy Crush, one of the hottest gaming apps in both social networks and Android.

Recently, Candy Crush grabbed the top spot from FarmVille 2 as the most popular gaming app on Facebook. This boost in popularity, however, has its perils. In particular, Candy Crush’s popularity made it the perfect target for dubious developers and cybercriminals who want to lure and profit from fans of the game – similar to what happened with other popular mobile apps and games like Instagram, Bad Piggies, and Temple Run in the past.

In a development that surprised no one, we discovered fake Candy Crush apps online, proving that cybercriminals are indeed hoping to capitalize on the game’s current trending status. These apps contain code for the Leadbolt and Airpush ad networks; apps containing said code were some of the most prevalent found last year. (We detect these as ANDROIDOS_LEADBLT.HRY and ANDROIDOS_AIRPUSH.HRXV.)

Figure 1. Screenshot and notification of fake app

While not inherently malicious, adware can be abused by cybercriminals for their own gains. Adware not only uses aggressive advertising tactics such as persistent notifications, but also collects information about the user. This could be construed as a violation of the user’s privacy.

We’ve predicted that malicious and high-risk Android apps will hit 1 million sometime this year. This may sound like a huge number, but considering that the volume of Android malware in 2012 exceeded our expectations and that the platform remains popular, it’s very plausible. Our own researcher, Rik Ferguson, noted in his blog post that 293,091 apps were found to be malicious and of these, 68,740 were found on the official Google Play store. Around 22% of these malicious apps were found to leak information about the user.

These figures can be daunting, but you can start with small steps to protect yourself. For one, make it a habit to read the app page, e.g. the app description, developer’s page, and comments. Comments can be a goldmine of information, since you’ll know what other users are saying about their experience with the app. Once you install any apps, make sure that you check out the permissions that they are asking for. For better protection, you can install security apps designed for devices, like Trend Micro Mobile Security Personal Edition, which can detect and delete malicious or high-risk Android apps.
